The No.1 Reason I Won’t Be Using Amazon Cloud Drive

This is a post by Bobby Travis, who wrote with me at 40Tech from 2009 through 2012. Bobby has since moved on to bigger and better things, but I've left all of his great contributions up on the site. - Evan

Amazon recently launched its Cloud Drive service offering users 5 GB of free online storage, with very competitive plans that essentially amount to yearly subscriptions of $1/GB, going up as high as 1000 GB. When combined with the Amazon Cloud Player (US-only), which allows you stream your music files from any computer or Android device, and doesn’t count Amazon MP3 purchases against your subscription limit, the Amazon Cloud Drive seems like one hell of a deal! The Amazon servers are some of the best out there, and unlike services like Microsoft’s SkyDrive, there are no limitations as to what can be uploaded as long as you own the files and their contents, don’t violate any laws by storing them, and agree not to upload anything that could be potentially dangerous.

All very reasonable and expected, no? Be a law-abiding and conscientious citizen, use the service responsibly, and you’re golden, right? Right — unless you enjoy the possibility of your privacy being infringed upon at the whim of a large corporation.

My problem with the Amazon Cloud Drive service, no matter how good it might be, all boils down to a single clause in their terms of service — which I hope that everyone who signed up for the service (or any service) read thoroughly. In section 5.2 of the Terms of Use, Amazon clearly states the following:

5.2.Our Right to Access Your Files. You give us the right to access, retain, use and disclose your account information and Your Files: to provide you with technical support and address technical issues; to investigate compliance with the terms of this Agreement, enforce the terms of this Agreement and protect the Service and its users from fraud or security threats; or as we determine is necessary to provide the Service or comply with applicable law.

Giving a corporation and its designated appointees the right to access, keep, use, and share both my account information and my personal and business files is something that I’m simply not comfortable with. I understand the concept of limited access to files for the purposes of technical support, and I even get holding them on the order of a court of law or government body, but the use of the phrase “as we determine is necessary to provide the Service” is playing a bit too fast and loose for me. I have no idea what they might determine is necessary — it’s completely arbitrary. I am reasonably certain that, if there were victims of some sort of foul play resulting from that phrase, a court of law would be able to find in favour of those victims, but who wants to be a victim, even potentially? Don’t we have enough problems with digital privacy already?

The Amazon Cloud Drive is promising, but for a service that is fending off criticisms from the music industry by touting itself as a personal hard drive, they certainly don’t provide the end-user with anything even close to resembling the right to privacy that is inherent in a true personal hard drive. I hope that users read and thoroughly understand the fine print before they decide to upload their lives to this service!

Bobby isn't 40-something, but is a strong supporter of the Grown-up Geek kind. He's a loving husband and father first, but is also a freelance writer, productivity nut, operatically trained singer, and (not-so) closet geek.
Check out his random thoughts, wackiness, and Instagram pics on Tumblr, Twitter, or Google+-- or just head over to bobby-travis.com.

I suppose I have to give them credit for getting to the point about it — they are definitely not trying to hide it. I’m also surprised about the lack of backlash. I waited for a week before deciding to write the post, and the only mention I saw of the privacy issues with Amazon Cloud Drive were a bare — and somewhat amused — mention by an author on ReadWriteWeb.

In the spirit on fairness, how about an analysis of the terms of services of some competiting storage services? I’d be curious to see if the service you use has something similar in the legalese. You could perhaps even build it into a standalone article hightlighted the key points of various agreements.

I can’t imagine where you’d find a lawyer capable of deciphering the fine print …

@Kosmo – Well, Box.net includes clauses in its terms use that allow them to scan content, but they are very explicit, at least to my eye, on the what and the why. They don’t really mention the how, however. I would like to know if they are scanning for keywords and phrases via an algorithm, or if they are using people.

They do specifically say that they are allowed to access, copy, etc., for the sole purpose of providing their services. That’s a bit more firm than what Amazon is touting.

Dropbox takes a better approach, overall, by stating repeatedly that they have no obligation to monitor or police users or their files, and will not be held responsible for any misuse of the service, etc. They go on to say, much further down, however, that while they are not obligated to look into people’s files, and generally don’t, they do retain the right to do so in order to ensure compliance with their terms, which are specifically stated. Again, that seems a whole lot more specific than “as we determine is necessary to provide the service.”

This is a great story and one that should receive much attention in light of the recent subpoena served on Pandora for privacy violations. The question becomes whether developers of web and mobile apps are intentionally violating US computer fraud laws in efforts to become more profitable.

Developers are cognizant that the average user is not going read the Terms of Service and Privacy Agreements of most apps. What’s worse, there doesn’t seem to be any real simplistic way of knowing whether the information and/or data collected from the user can be used for malicious purposes. For example, if an app says it can collect my phones Unique ID – what does that mean? Do they collect the data to make better advertising and/or business decisions? Do they sell my UID information to 3rd parties? What about address book, GPS information? How about Apple’s FaceTime allegedly taking photos by itself?

If you hop over to the Wall Street Journal’s site, you’ll note they launched an investigation in December 2010 of 101 iPhone and Android apps and looked at what exactly they’re sending out themselves and 3rd parties. Candidly, it’s frightening. Click here to access the interactive report. It’s amazing. Let’s take Groupon for an example. It not only collects Username/Password, but your Phone Number and your Age/Gender. It then takes that information back to its own company as well as Fluent Mobile, Flurry and Google Analytics. It really does make you re-think many of your app choices.

According to the WSJ, Pandora doesn’t believe it has much to worry about, as this is more of an industry-wide probe and the SEC is looking to explore what’s really happening here.

So the question ultimately becomes this: similar to the FDA’s requirement that food have Nutritional Facts and health risks on cigarettes in plain English, can we require the same of developers of web and mobile apps? Should developers create plain English warnings of not just that data is being collected but importantly how it is being collected. This would accomplish 2 objectives in my mind: 1) whether the developer is using the data it takes from our computers and phones in a proper, non-malicious fashion; and 2) allows the user to make a more informed decision as to whether s/he wants the data collected, even in a non-malicious way.

I’ll add one PS to my note above. I downloaded Lookout Mobile, which amongst other things, scans the privacy settings of your apps on the Android and iOS. I’ve reached out to some of the developers I saw in both the WSJ article and whom I saw in the Lookout results.

I feel a whole lot better having heard directly from CardStar, Calengoo (thanks for that recommendation!), Adao Uninstaller, Yelp, and FlickrFree who have all assured me that they do not sell your data. Specifically as it relates to Yelp, I was told they no longer send their data over to Flurry. All data collected is being used only to aggregate metrics to track things like monthly visitors, search volume, etc.

Good to know everyone is taking these issues very seriously … and another reason for all of us as consumers to read the fine print!

Like I said in our conversation on Twitter, thanks for the info on the Pandora subpoena. I hadn’t heard about that. I agree that there should be some sort of plain English warning, but the fact is, it probably wouldn’t matter. Some people would take the label in stride, shrug it off, compromising their privacy for the feature-set. Other people wouldn’t even notice it, and still others would just say “It’s the internet, what do you expect? It’s where the world is headed and there’s nothing we can do about it.”

The troubling thing is, I can’t honestly say that I wouldn’t, in some cases, be one of those people.

As I mentioned to Tony, above, I give Amazon credit for being plain about their ability to dig around in and essentially “do what they think best” with your private information and files. I don’t agree with it by any means, but there is always the possibility that I have unknowingly agreed to exactly that with other companies that have 40-page terms of service contracts. I can’t say I’ve fully read Apple’s iTunes contract, for example, and all of its subsequent rewrites that seem to happen every month or so.

It’s getting to the point where we all need to have personal privacy rights lawyers standing by on speed dial.

1 Pingback

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Learn More)

Search the site

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.